In my home media setup (LG UQ81 TV, WiiM Amp via ARC, Xbox Series X, Chromecast with Google TV), the CEC setup _almost_ works perfectly.
* I can use the LG TV’s remote alone to control everything including the Chromecast and amp’s volume controls.
* The amp automatically switches on and off with the TV.
* Turning the Xbox on/off via its controller also turns on/off the TV and the amplifier together.
Mostly good, except sometimes when I have my Chromecast on and switch the Xbox on via the controller it gets stuck in an endless loop of flicking back and forth between HDMI 1 and HDMI 2, between Chromecast and Xbox. Nothing I can do will stop it except to power cycle the TV.
If anyone has experienced anything similar or has any tips on how to debug this that would be much appreciated!
You might be interested to read about the findings by Ruter, the publicly owned transport company for Oslo. They discovered their Chinese Yutong electric buses contained SIM cards, likely to allow the buses to receive OTA updates, but this consequently means they could be modified at any moment remotely. Thankfully they use physical SIMs, so some security hardening is possible.
Of course, with eSIMs becoming more widespread, it’s not inconceivable you could have a SoC containing a 5G modem with no real way to disable or remove it without destroying the device itself.
Out of curiosity, could this have been a vector for a supply chain attack?
I am currently running a fairly outdated version of datatables on a personal project, v1.11.3 from 2021. I'm not too worried about running this older version, because according to dependency scanning software there's no CVEs for it [1]. Also, upgrading this package is too tricky as there's been some pretty huge breaking changes, so I'm stuck at this older version.
I am _not_ using the datatables CDN but instead self-hosting the static files. However, I did not notice until recently that in v1.11.3 it comes with a CSS stylesheet [2] that loads a static resource from that CDN: `url("https://www.datatables.net/examples/resources/details_open.p...")`
It looks like newer versions of datatables don't import static files from the datatables CDN like this.
Presumably if this domain was hijacked as stated in this incident review, users on affected datatables versions could have had their site compromised?
Would it make sense to issue a CVE for older datatables library versions that could be susceptible to this attack?
> Out of curiosity, could this have been a vector for a supply chain attack?
If you were using the CDN without SRIs, then yes, that would have been the most obvious channel. However, I don't believe the attacker ever set up for that and the URLs never resolved due to CloudFlare blocking it.
> there's been some pretty huge breaking changes
Unless you were using the legacy API, there shouldn't be any major impediment [1]. I intentionally tried to keep backwards compatibility as I hate doing library upgrades myself! Drop me an email - allan at the domain in question if you have any questions about doing an upgrade.
> It looks like newer versions of datatables don't import static files from the datatables CDN like this.
I rewrote aspects to use CSS styled elements in place of images, so there were less resources to load.
> Would it make sense to issue a CVE for older datatables library versions that could be susceptible to this attack?
Per the above, if you were using the CDN without SRI for the resources, then any version could have been susceptible. However, I've seen no evidence that the attack took that vector.
I thought I was not using the CDN as I had self-hosted the static sources, but some image sources seemed to be imported from the CDN in stylesheets in the version of data tables I linked.
I just updated my application from v1.11 to v1.13 without any trouble (aside from some minor aesthetic changes to padding), so at the very least I now benefit from your styled elements.
Thanks for your dedication on this package, I’ve used it for years and it works very well.
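The situation in this exchange, a self-hosted stylesheet that still pulls a resource from a third-party host, can be caught with a build-time scan of the static files. This is an added example, not code from the thread or from DataTables; the function name, hosts and sample CSS are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# url(...) with optional quotes, and the bare-string form of @import
_URL_RE = re.compile(r"""url\(\s*(['"]?)(.*?)\1\s*\)""", re.I | re.S)
_IMPORT_RE = re.compile(r"""@import\s+(['"])(.*?)\1""", re.I)
_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

# Constructed sample, not the real DataTables stylesheet.
SAMPLE_CSS = '''\
/* constructed sample */
@import "//fonts.example.org/face.css";
td.details-control {
  background: url("https://cdn.example.net/resources/row_toggle.png") no-repeat;
}
th.sorting { background-image: url(../images/sort_both.png); }
/* url("https://commented-out.example/x.png") */
.icon { background: url(data:image/png;base64,AAAA); }
'''


def external_refs(css_text, allowed_hosts=()):
    """Return sorted (line, url) pairs for references that leave the site."""
    # Blank out comments but keep newlines so line numbers stay correct.
    css = _COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), css_text)
    allowed = {h.lower() for h in allowed_hosts}
    found = set()
    for rx in (_URL_RE, _IMPORT_RE):
        for m in rx.finditer(css):
            ref = m.group(2).strip()
            if ref.lower().startswith("data:"):
                continue  # inline data, nothing is fetched
            try:
                host = urlsplit(ref).hostname
            except ValueError:
                continue  # malformed reference, not a fetchable URL
            if host is None or host.lower() in allowed:
                continue  # relative path or an explicitly trusted host
            found.add((css.count("\n", 0, m.start()) + 1, ref))
    return sorted(found)


if __name__ == "__main__":
    for line, url in external_refs(SAMPLE_CSS):
        print(f"line {line}: {url}")
```

Running it over every `.css` file in the static directory and failing the build on a non-empty result flags third-party fetches that a dependency scanner looking only for CVEs does not report.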
I seem to recall enjoying using datatables. You, or somebody else associated, helped me on the forums. Not sure what I asked but I remember two things: positive dev interaction, and the pain of figuring out how to make the OOX/Excel export not lose preceding zeros. (Had to write my own handler to change the xml)
Offsite replica is only applicable if the cause is a failure of the primary. What if I’m restoring a backup because someone accidentally dropped the wrong table?
nah, on a long enough timeline everything will go wrong. blaming the person who managed to drop the table finally is dumb: if you can't fix literally everything that could happen to it, it's not done.
I’ve used this app for a while, it’s really good and I’d highly recommend it if you want to learn more about the birds where you live in an accessible way.